Forum Discussion
AlexDeMarco
Nimbostratus
NimbostratusRe-encrypt based on request
Hello,
We are terminating SSL at the F5/VIP level.. However, I have some pages on my IIS server that need to see SSL in the request in order to work properly. I do not want to re-encypt everything being sent to the pool member.
when HTTP_REQUEST {
if {
([HTTP::uri] starts_with "/mysecureapp1") ||
([HTTP::uri] starts_with "/anothersecureapp2")
} then {
snat automap
pool IIS_HTTPS_Pool }
}
However I need to re-encrypt the request before it goes to the pool. I have defined a client cert with the neeeded info but I am not sure how to re-ecrypt in the irule?
Suggestions welcomed... thanks!
- Alex
3 Replies
What_Lies_Bene1Cirrostratus
If you assign a ServerSSL profile to the VS you can use this;when HTTP_REQUEST { set use_ssl 0 switch -glob [string tolower [HTTP::uri]] { "/mysecureapp1*" - "/anothersecureapp2*" { set use_ssl 1 snat automap pool IIS_HTTPS_Pool } If HTTP uri is neither of the above, take the default action below default { set use_ssl 0 pool something? snat something? } } } when SERVER_CONNECTED if { $use_ssl == 0 } { SSL::disable } }
AlexDeMarcoThanks! I will give this a shot.
- What_Lies_Bene1You're welcome. Post back if you have issues.
